aboutsummaryrefslogtreecommitdiffstats
path: root/ext/openssl/ossl_x509store.c
Commit message (Collapse)AuthorAgeFilesLines
* x509store: fix memory leak in X509::StoreContext.newky/x509stctx-new-fix-leakKazuki Yamaguchi2020-08-121-5/+16
| | | | | The certificate passed as the second argument was not properly free'd in the error paths.
* Merge branch 'maint-2.0' into maintKazuki Yamaguchi2020-03-091-2/+0
|\ | | | | | | | | | | | | | | | | | | * maint-2.0: ssl: set verify error code in the case of verify_hostname failure x509: add error code and verify flags constants Remove taint support Restore compatibility with older versions of Ruby. Fix keyword argument separation issues in OpenSSL::SSL::SSLSocket#sys{read,write}_nonblock config: support .include directive
| * Remove taint supportJeremy Evans2020-02-241-2/+0
| | | | | | | | | | | | | | | | | | | | [ This is a backport to the 2.0 branch. ] Ruby 2.7 deprecates taint and it no longer has an effect. The lack of taint support should not cause a problem in previous Ruby versions. (cherry picked from commit e7ed01b580a139ad0fb320ad5f29bbb40ef2ddc2)
* | Merge branch 'maint-2.0' into maintKazuki Yamaguchi2018-08-081-0/+1
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | The fix made in 6fcc6c0efc42 ("test/test_ssl: fix test failure with TLS 1.3", 2018-08-06) is applied to the new test cases. * maint-2.0: reduce LibreSSL warnings openssl_missing.h: constified openssl: search winsock search winsock libraries explicitly no ID cache in Init functions test/test_ssl: fix test failure with TLS 1.3 tool/ruby-openssl-docker: update to latest versions pkey: resume key generation after interrupt
| * no ID cache in Init functionsnobu2018-08-081-0/+1
| | | | | | | | | | | | | | Init functions are called only once, cache is useless. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62429 b2dd03c8-39d4-4d8f-98ff-823fe69b080e Sync-with-trunk: r62429
* | Merge branch 'maint'bpointKazuki Yamaguchi2017-06-141-0/+9
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * maint: Ruby/OpenSSL 2.0.4 History.md: add entries for 2.0.1-2.0.3 History.md: wrap at 80 characters extconf.rb: simplify searching libraries logic Search SSL libraries by testing various filename patterns openssl: fix broken openssl check openssl: fix broken openssl check x509store: clear error queue after calling X509_LOOKUP_load_file() tool/sync-with-trunk: 'LASY' -> 'LAST' Update .travis.yml and Dockerfile test/test_x509store: skip OpenSSL::TestX509Store#test_set_errors Fix documentation for OpenSSL::Cipher#final Fix typos ssl: check return value of SSL_set_fd() test/test_ssl: fix typo in test_sysread_and_syswrite Fix typos test/test_pkey_ec: do not use dummy 0 order
| * x509store: clear error queue after calling X509_LOOKUP_load_file()Kazuki Yamaguchi2017-06-141-0/+9
| | | | | | | | | | | | | | | | | | | | | | X509_LOOKUP_load_file(), which ends up calling X509_load_cert_crl_file() internally, may leave error entries in the queue even when it returns non-zero value (which indicates success). This will be fixed by OpenSSL 1.1.1, but can be worked around by clearing the error queue ourselves. Fixes: https://bugs.ruby-lang.org/issues/11033
* | Remove unused functions and macrosKazuki Yamaguchi2017-05-221-22/+0
| |
* | Remove SafeGet*() macrosKazuki Yamaguchi2017-05-021-11/+3
| | | | | | | | | | | | They are no longer useful since we use the TypedData_Get_Struct() which also performs type checking (based on the rb_data_type_t) for the non-safe Get*() macros. Just use them instead.
* | Fix RDoc markuptopic/fix-rdoc-markupKazuki Yamaguchi2017-02-241-12/+13
|/ | | | | Ruby core uses _str_ for emphasizing argument names and +str+ for codes. Match with the rule for better rendering.
* Move verify_callback stuff to ossl_x509store.cKazuki Yamaguchi2016-10-281-25/+83
| | | | | Accordingly, unused functions ossl_x509stctx_new() and ossl_x509stctx_clear_ptr() are now removed.
* Avoid using *2FIX() where we don't know if it really fits in FixnumKazuki Yamaguchi2016-08-221-2/+2
|
* x509store: fixup documentationtopic/fixup-docsKazuki Yamaguchi2016-08-221-32/+169
|
* Implement missing initialize_copytopic/fix-initialize-copyKazuki Yamaguchi2016-08-041-0/+2
| | | | | | | | | | | | | | | | | | | | | Implement initialize_copy for: - OpenSSL::PKCS12 - OpenSSL::SSL::SSLSession - OpenSSL::X509::Attribute - OpenSSL::X509::Extension - OpenSSL::X509::Name - OpenSSL::X509::Revoked Remove initialize_copy from: - OpenSSL::SSL::SSLContext - OpenSSL::SSL::SSLSocket - OpenSSL::Engine - OpenSSL::X509::Store - OpenSSL::X509::StoreContext [Bug #12381]
* Refactor common verify callback codeKazuki Yamaguchi2016-07-101-1/+15
| | | | | | | | | | There is a function ossl_verify_cb() that fetches the custom callback Proc from X509_STORE/X509_STORE_CTX and calls it, but it was not very useful for SSL code. It's only used in ossl_x509store.c and ossl_ssl.c so move X509::Store specific code to ossl_x509store.c. Also make struct ossl_verify_cb_args and ossl_call_verify_cb_proc() local to ossl.c.
* Fix RDoc styletopic/rdoc-fixesKazuki Yamaguchi2016-07-091-1/+2
|
* openssl: adapt to OpenSSL 1.1.0 opaque structsrhe2016-06-091-8/+14
| | | | | | | | | | | | | | | * ext/openssl/extconf.rb: Check existence of accessor functions that don't exist in OpenSSL 0.9.8. OpenSSL 1.1.0 made most of its structures opaque and requires use of these accessor functions. [ruby-core:75225] [Feature #12324] * ext/openssl/openssl_missing.[ch]: Implement them if missing. * ext/openssl/ossl*.c: Use these accessor functions. * test/openssl/test_hmac.rb: Add missing test for HMAC#reset. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55287 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* openssl: support OpenSSL 1.1.0's new multi-threading APIrhe2016-06-091-1/+1
| | | | | | | | | | | | | | | | | | | | | | | * ext/openssl/extconf.rb: Check absence of CRYPTO_lock() to see if the OpenSSL has the new threading API. In OpenSSL <= 1.0.2, an application had to set locking callbacks to use OpenSSL in a multi-threaded environment. OpenSSL 1.1.0 now finds pthreads or Windows threads so we don't need to do something special. [ruby-core:75225] [Feature #12324] Also check existence of *_up_ref(). Some structures in OpenSSL have a reference counter. We used to increment it with CRYPTO_add() which is a part of the old API. * ext/openssl/openssl_missing.h: Implement *_up_ref() if missing. * ext/openssl/ossl.c: Don't set locking callbacks if unneeded. * ext/openssl/ossl_pkey.c, ext/openssl/ossl_ssl.c, ext/openssl/ossl_x509cert.c, ext/openssl/ossl_x509crl.c, ext/openssl/ossl_x509store.c: Use *_up_ref() instead of CRYPTO_add(). git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55283 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* openssl: drop OpenSSL 0.9.6/0.9.7 supportrhe2016-05-311-29/+0
| | | | | | * ext/openssl, test/openssl: Drop OpenSSL < 0.9.8 support. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55162 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* openssl: use StringValueCStr() where NUL-terminated string is expectedrhe2016-05-311-4/+4
| | | | | | | | | | | | | | * ext/openssl/ossl_asn1.c, ext/openssl/ossl_bn.c, ext/openssl/ossl_cipher.c, ext/openssl/ossl_digest.c ext/openssl/ossl_engine.c, ext/openssl/ossl_ns_spki.c ext/openssl/ossl_pkcs12.c, ext/openssl/ossl_pkcs7.c ext/openssl/ossl_pkey.c, ext/openssl/ossl_pkey_ec.c ext/openssl/ossl_rand.c, ext/openssl/ossl_ssl.c ext/openssl/ossl_x509attr.c, ext/openssl/ossl_x509cert.c ext/openssl/ossl_x509ext.c, ext/openssl/ossl_x509store.c: Use StringValueCStr() where NUL-terminated string is expected. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55134 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* openssl: register ex_data index for X509_STORE{_CTX,} respectivelyrhe2016-05-311-2/+2
| | | | | | | | | | | | | | | | | | | | | | | * ext/openssl/ossl.c (Init_openssl): register an ex_data index for X509_STORE and X509_STORE_CTX respectively. Since they don't share the ex_data index registry, we can't use the same index. (ossl_verify_cb): use the the correct index. * ext/openssl/ossl_ssl.c (ossl_ssl_verify_callback): ditto. * ext/openssl/ossl_x509store.c (ossl_x509store_set_vfy_cb): ditto. (ossl_x509stctx_verify): ditto. * ext/openssl/ossl.h (void ossl_clear_error): add extern declarations of ossl_store_{ctx_,}ex_verify_cb_idx. * ext/openssl/openssl_missing.c: remove X509_STORE_set_ex_data and X509_STORE_get_ex_data. * ext/openssl/openssl_missing.h: implement X509_STORE_get_ex_data, X509_STORE_set_ex_data and X509_STORE_get_ex_new_index as macros. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55074 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* openssl: clear OpenSSL error queue before return to Rubyrhe2016-05-311-5/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * ext/openssl/ossl_x509cert.c (ossl_x509_verify): X509_verify() family may put errors on 0 return (0 means verification failure). Clear OpenSSL error queue before return to Ruby. Since the queue is thread global, remaining errors in the queue can cause an unexpected error in the next OpenSSL operation. [ruby-core:48284] [Bug #7215] * ext/openssl/ossl_x509crl.c (ossl_x509crl_verify): ditto. * ext/openssl/ossl_x509req.c (ossl_x509req_verify): ditto. * ext/openssl/ossl_x509store.c (ossl_x509stctx_verify): ditto. * ext/openssl/ossl_pkey_dh.c (dh_generate): clear the OpenSSL error queue before re-raising exception. * ext/openssl/ossl_pkey_dsa.c (dsa_generate): ditto. * ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto. * ext/openssl/ossl_ssl.c (ossl_start_ssl): ditto. * test/openssl: check that OpenSSL.errors is empty every time after running a test case. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55051 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* Sync with ruby trunkZachary Scott2015-09-231-1/+0
|
* Upstream ruby/ruby@451fe26 from r50673Zachary Scott2015-06-031-8/+16
|
* Apply ruby/ruby@325a50fc572516a171d640765d6ddf9b20be14dc to fix typosZachary Scott2015-05-041-1/+1
| | | | See also r50351 from ruby/ruby#876
* Sync with ruby trunkZachary Scott2015-01-051-6/+31
|
* import ruby trunkSHIBATA Hiroshi2014-10-271-0/+677
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-10 15:52:53 +0000